B2B contact enrichment is sometimes treated as a black box — data appears, no one explains where it came from. We don't think that's good enough. Here's how prospiq sources its data, what makes it lawful to process, and the things we explicitly won't do.
What kind of data we work with
prospiq deals exclusively in professional business contact information: a person's name, their company, their work email address, their work phone number, their job title. We don't process consumer data, personal email addresses (Gmail, Yahoo, personal Outlook), or any identifiers tied to private life.
Where the data comes from
Our verified contact data is sourced from professional public records, business directories, company websites, professional networks where the person has chosen to publish their business identity, and licensed data partners who supply the same categories of information under contractual standards we require.
Every record we return passes through our own verification before we hand it to you. A source telling us an email exists isn't enough — we test it ourselves against the receiving mail server before we'd stand behind it.
What makes this lawful
Under GDPR, processing personal data requires a lawful basis. For B2B contact enrichment, the relevant basis is legitimate interests (GDPR Article 6(1)(f)) — both ours and yours, as the customer.
Specifically:
- The data we process is professional, not private. It's information people have shared in a business context — published on a company website, on a professional network profile, in a directory.
- Our use of it (helping businesses connect with other businesses) is reasonable to expect in B2B commerce.
- The impact on the data subject is minimal — receiving a contact attempt from another business, with a clear way to opt out.
Under India's DPDP Act, B2B professional contact information falls within scope and we apply the same standards: legitimate use, minimal scope, easy opt-out.
These rationales aren't ours to assert alone — they need to hold up to the data subject's expectations. So we constrain ourselves accordingly.
What we won't process
- Personal email addresses. No Gmail, Yahoo, Outlook, ProtonMail, or other consumer email providers. We're a work-email tool, full stop.
- Personal phone numbers. No mobile numbers from consumer registries. Phone numbers we return are direct business numbers.
- Sensitive categories. No health data, no political views, no religious affiliation, no sexual orientation, none of GDPR's special categories.
- Children's data. Nothing involving minors, regardless of context.
- Data sourced from breaches. We don't buy or use data from breach dumps, dark web markets, or any source where the original collection wasn't lawful.
The opt-out mechanism
Any individual can request that their contact information be excluded from prospiq's enrichment results, regardless of whether they're our customer. We process opt-out requests as a binding instruction: once submitted, the email (and any associated identifiers) is added to our suppression list and will not appear in future enrichment results.
See Opt-out requests for how a person can submit a request.
Your responsibilities as our customer
When you use prospiq to enrich contacts and reach out to them, you're a separate data controller under GDPR. That means:
- You're responsible for having your own lawful basis to contact people
- You're responsible for honoring opt-out requests from people you've contacted (separately from our suppression list)
- You're responsible for complying with marketing laws in your jurisdiction and theirs (CAN-SPAM, CASL, PECR, etc.)
prospiq provides the data. The outreach is your decision, in your name, governed by your relationship with the recipient.
See GDPR and DPDP compliance for a fuller walkthrough.